How to set SSL Forward Secrecy & cipher-suite?

Alfa1

New Member
#1
When I check my SSL certificate through online SSL checkers I get these results:

Server has not enabled HTTP Strict-Transport-Security
Users may be exposed to man-in-the-middle attacks

Server uses RC4 cipher with modern browsers
More secure ciphers are available for TLS 1.1 and newer

My host comments:
Litespeed does not seem to have support for Forward Secrecy and I do not see any setting in the LiteSpeed Admin Panel to change the allowed cipher-suite for a DirectAdmin configuration. Please ask LiteSpeed support for assistance.

Please advise how to resolve this.
 

theRKF

Well-Known Member
#3
Thanks for addressing these items. With Google's increased emphasis on https for all sites it's more important than ever that we be able to support SSL without taking much of a performance hit, and to make sure our servers are configured properly.

I admit I'm punching above my weight a bit when it comes to some of these finer details of Litespeed config. Our box has tested with an A- on the Qualys SSL tool, with the same issues as above:
RC4 cipher is used with TLS 1.1 or newer protocols, even though stronger ciphers are available. Grade reduced to A-.
The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.
So ... do I mess around more, or be happy with the A-?

Will there be more detailed instructions available for dealing with these two issues?
 

mistwang

LiteSpeed Staff
#4
Forward Secrecy needs a carefully crafted cipher setting.
We updated our latest 4.2.14 build with that as the default, so you may get it by updating to the latest 4.2.14 build.

/usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.14

OpenSSL has been updated to 1.0.1i.
 
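To verify all three findings from the first post after updating, here is an added Python checker (not LiteSpeed's code and not posted by anyone in this thread); it assumes the hostname is passed as the first command-line argument and uses only the standard library:

```python
"""Check a live HTTPS endpoint for the three findings quoted in this thread:
forward secrecy, RC4 acceptance and the HSTS header. Standard library only."""
import socket
import ssl
import sys

def has_forward_secrecy(cipher_name):
    """Ephemeral (EC)DH key exchange gives forward secrecy; static ECDH-/DH-
    and plain RSA suites (AES128-SHA, RC4-SHA) do not. TLS 1.3 suites (TLS_*)
    always use an ephemeral exchange."""
    return cipher_name.startswith(("ECDHE-", "DHE-", "TLS_"))

def hsts_present(raw_headers):
    """True if the HTTP response carries a Strict-Transport-Security header."""
    return any(line.lower().startswith("strict-transport-security:")
               for line in raw_headers.split("\r\n"))

def _connect(host, port, ctx):
    sock = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(sock, server_hostname=host)

def probe(host, port=443):
    """Returns {'cipher', 'protocol', 'forward_secrecy', 'hsts', 'rc4_accepted'}."""
    result = {}
    with _connect(host, port, ssl.create_default_context()) as tls:
        name, proto, _bits = tls.cipher()
        result.update(cipher=name, protocol=proto, forward_secrecy=has_forward_secrecy(name))
        tls.sendall(("HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % host).encode())
        raw = b""
        while chunk := tls.recv(4096):
            raw += chunk
        result["hsts"] = hsts_present(raw.decode("latin-1"))
    # RC4 probe: offer only RC4 (capped at TLS 1.2, since TLS 1.3 suites are
    # negotiated separately). A completed handshake means the server still takes RC4.
    rc4_ctx = ssl.create_default_context()
    rc4_ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        rc4_ctx.set_ciphers("RC4")
    except ssl.SSLError:  # modern OpenSSL builds ship without RC4: inconclusive, not a pass
        result["rc4_accepted"] = "unknown (local OpenSSL has no RC4)"
        return result
    try:
        with _connect(host, port, rc4_ctx):
            result["rc4_accepted"] = True
    except (ssl.SSLError, ConnectionError, socket.timeout):
        result["rc4_accepted"] = False
    return result

if __name__ == "__main__":
    for key, value in probe(sys.argv[1]).items():
        print("%s: %s" % (key, value))
```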

theRKF

Well-Known Member
#5
I was already running 4.2.14 at the time this was posted.

We're running off the Apache config file, would that be the issue?
 